Effect of (ALL:ALL) in sudoers?

What is the purpose of the ALL:ALL in the sudoers file for the default %sudo group entry?

Code:

# Members of the admin group may gain root privileges
%admin ALL=(ALL) ALL
# Allow members of group sudo to execute any command
%sudo ALL=(ALL:ALL) ALL

In other words, what's the difference between those two lines? I understand that the admin group can run any command from any machine as any user, so what extra or reduced functionality does the sudo group get?

Re: Effect of (ALL:ALL) in sudoers?

What is the purpose of the ALL:ALL in the sudoers file for the default %sudo group entry?

Code:

# Members of the admin group may gain root privileges
%admin ALL=(ALL) ALL
# Allow members of group sudo to execute any command
%sudo ALL=(ALL:ALL) ALL

In other words, what's the difference between those two lines? I understand that the admin group can run any command from any machine as any user, so what extra or reduced functionality does the sudo group get?

Thanks

Users in the admin group may become root. Users in the sudo group can only use the sudo command.

user:group

(ALL:ALL) refers to (user:group) that sudo will use. It can be specified with -u and -g when you run sudo. If you don't specify anything it will run as root:root, which is the default. That's how most end up using it anyway.